140 likes | 321 Views
Overview of the Session. How do you determine if you have a successful compliance program for Student Affairs departments? Are high risk areas well controlled? How and why do we do what we do to mitigate risks? Departmental ERM FootprintsTraining PlansMonitoring PlansReporting PlansAssurance ActivitiesAudit Programs Coordination of Effort.
E N D
1. High Risk Areas in Student Affairs Jennifer Hammat, Mark Luker & Jeff Toreki
The University of Texas at Austin
2. Overview of the Session How do you determine if you have a successful compliance program for Student Affairs departments?
Are high risk areas well controlled?
How and why do we do what we do to mitigate risks?
Departmental ERM Footprints
Training Plans
Monitoring Plans
Reporting Plans
Assurance Activities
Audit Programs
Coordination of Effort
3. Compliance Program Monthly reporting of compliance issues to the compliance office routed through office of VPSA
Institutionally determined high risk areas has to this point simply included Student Affairs without any specificity
VP decided not to arbitrarily determine our high risk activities on his own
Each department participated in Enterprise Risk Management process
4. Compliance Program Departments in Student Affairs include:
Office of the Vice President
Office of the Dean of Students
Division of Recreational Sports
University Health Services
Division of Housing & Food
Counseling & Mental Health Center
UT Learning Center
Career Exploration Center
Texas Student Media
Texas Union
Office of the Registrar
Office of Student Financial Services
5. Points 2 and 3 for Discussion Are high risk areas well controlled?
This has to be a conversation at the divisional, departmental, and inner departmental level to be meaningful
How and why do we do what we do to mitigate risks?
We talk, we review, we control, we monitor, we assess, we revisit, we compare footprints from one department to the next to see if one area does it better than another
6. Departmental ERM Process Each department director determined which senior and/or mid level managers would participate in the process
Senior/mid level manager teams ranged from 6 to 35 members based on the department directors discretion
Time frame to complete the ERM process was anywhere from 2 weeks to 4 months depending on the depth and breadth
7. Departmental ERM Process Review of the process
Owned by each department
Considered to be an internal management tool
Shared with the VPSA
Divisional critical risks taken from the department level up
Phase 1 of the process took 1 year
8. Training Plans Departmentally expecting 100% compliance with institutional online training plans
Specific departments found areas where additional training was necessary based on the ERM process
Divisionally we also have found areas for training focus: email protocol (saving, deleting, use) and additional ethics training are two examples
9. Monitoring Plans As the Phase 1 roll out occurred over 1 year, so too are the Phase 2 monitoring meetings
I meet individually with the departmental designee in charge of recording the monitoring efforts for the department
Each department selected the items to monitor for the first year
Once those are reviewed, the next items to monitor will be selected
10. Reporting Plans Currently all SA departments submit monthly compliance reports to me directly and I compile them for the division and submit them to the Compliance Office
Monitoring reports will also be submitted every quarter to the Compliance Office so they are continually informed of our internal Risk Auditing efforts
Annual report for Student Affairs will also include a section on Enterprise Risk Management efforts
11. Assurance Activities At the VPSA level, ERM implementation, oversight, monitoring, progress and the like are part of my job description
At the director and AVP level the ERM progress initiative has been added into the special projects area of their evaluations as well
Within the departments, job descriptions have been modified for the monitoring and controls listed
12. Audit Programs Although Jeff and Mark are from Internal Audits, they made it clear in every session that ERM was not an audit process
Having said that with a risk footprint available for the director to hand over to an auditor, it is our hope in Student Affairs that they would actually look at the footprint for the self identified high risk activities and see if the controls are working
13. Coordination of Efforts This to me is all about communication and having a person dedicated to getting people to play nicely together. Operationally, I ask the departments to monitor the activity and controls. They provide information in reports. I share those with the Compliance Office and we dialogue with the Audit Office on audits and Phase 2 of the ERM process should we continue to need assistance
14. Contact Information Jennifer Hammat 512-232-3992
j.hammat@austin.utexas.edu
Mark Luker 512-471-8978
mark.luker@austin.utexas.edu
Jeff Toreki 512-471-8974
jtoreki@mail.utexas.edu
Thanks so much! Enjoy your conference!